package uk.ac.ox.ctl.lti13;

import java.util.Collections;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import uk.ac.ox.ctl.lti13.security.oauth2.client.lti.authentication.OidcLaunchFlowAuthenticationProvider;
import uk.ac.ox.ctl.lti13.security.oauth2.client.lti.authentication.TargetLinkUriAuthenticationSuccessHandler;
import uk.ac.ox.ctl.lti13.security.oauth2.client.lti.web.OAuth2AuthorizationRequestRedirectFilter;
import uk.ac.ox.ctl.lti13.security.oauth2.client.lti.web.OAuth2LoginAuthenticationFilter;
import uk.ac.ox.ctl.lti13.security.oauth2.client.lti.web.OIDCInitiatingLoginRequestResolver;

/* loaded from: input_file:uk/ac/ox/ctl/lti13/Lti13Configurer.class */
public class Lti13Configurer extends AbstractHttpConfigurer<Lti13Configurer, HttpSecurity> {
    private String ltiPath = "/lti";
    private String loginPath = "/login";
    private String loginInitiationPath = "/login_initiation";
    private ApplicationEventPublisher applicationEventPublisher;
    private GrantedAuthoritiesMapper grantedAuthoritiesMapper;

    public Lti13Configurer ltiPath(String str) {
        this.ltiPath = str;
        return this;
    }

    public Lti13Configurer loginPath(String str) {
        this.loginPath = str;
        return this;
    }

    public Lti13Configurer loginInitiationPath(String str) {
        this.loginInitiationPath = str;
        return this;
    }

    public Lti13Configurer applicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.applicationEventPublisher = applicationEventPublisher;
        return this;
    }

    public Lti13Configurer grantedAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
        return this;
    }

    public void init(HttpSecurity httpSecurity) {
        CsrfConfigurer configurer = httpSecurity.getConfigurer(CsrfConfigurer.class);
        if (configurer != null) {
            configurer.ignoringAntMatchers(new String[]{this.ltiPath + "/**"});
        }
        HeadersConfigurer configurer2 = httpSecurity.getConfigurer(HeadersConfigurer.class);
        if (configurer2 != null) {
            configurer2.frameOptions().disable();
        }
    }

    public void configure(HttpSecurity httpSecurity) {
        ClientRegistrationRepository clientRegistrationRepository = Lti13ConfigurerUtils.getClientRegistrationRepository(httpSecurity);
        OidcLaunchFlowAuthenticationProvider configureAuthenticationProvider = configureAuthenticationProvider(httpSecurity);
        httpSecurity.addFilterAfter(configureInitiationFilter(clientRegistrationRepository), LogoutFilter.class);
        httpSecurity.addFilterAfter(configureLoginFilter(clientRegistrationRepository, configureAuthenticationProvider), AbstractPreAuthenticatedProcessingFilter.class);
    }

    protected OidcLaunchFlowAuthenticationProvider configureAuthenticationProvider(HttpSecurity httpSecurity) {
        OidcLaunchFlowAuthenticationProvider oidcLaunchFlowAuthenticationProvider = new OidcLaunchFlowAuthenticationProvider();
        httpSecurity.authenticationProvider(oidcLaunchFlowAuthenticationProvider);
        if (this.grantedAuthoritiesMapper != null) {
            oidcLaunchFlowAuthenticationProvider.setAuthoritiesMapper(this.grantedAuthoritiesMapper);
        }
        return oidcLaunchFlowAuthenticationProvider;
    }

    protected OAuth2AuthorizationRequestRedirectFilter configureInitiationFilter(ClientRegistrationRepository clientRegistrationRepository) {
        return new OAuth2AuthorizationRequestRedirectFilter(new OIDCInitiatingLoginRequestResolver(clientRegistrationRepository, this.ltiPath + this.loginInitiationPath));
    }

    protected OAuth2LoginAuthenticationFilter configureLoginFilter(ClientRegistrationRepository clientRegistrationRepository, OidcLaunchFlowAuthenticationProvider oidcLaunchFlowAuthenticationProvider) {
        OAuth2LoginAuthenticationFilter oAuth2LoginAuthenticationFilter = new OAuth2LoginAuthenticationFilter(clientRegistrationRepository, this.ltiPath + this.loginPath);
        oAuth2LoginAuthenticationFilter.setAuthenticationSuccessHandler(new TargetLinkUriAuthenticationSuccessHandler());
        ProviderManager providerManager = new ProviderManager(Collections.singletonList(oidcLaunchFlowAuthenticationProvider));
        if (this.applicationEventPublisher != null) {
            providerManager.setAuthenticationEventPublisher(new DefaultAuthenticationEventPublisher(this.applicationEventPublisher));
        }
        oAuth2LoginAuthenticationFilter.setAuthenticationManager(providerManager);
        return oAuth2LoginAuthenticationFilter;
    }
}
